Upgrade of Secure Firewall Threat Defense Using Firewall Device Manager

Introduction

This document describes an example of a Cisco Secure Firewall Threat Defense (FTD) upgrade using the Firewall Device Manager (FDM).

Prerequisites

Requirements

Cisco recommends knowledge of these topics:

• There are no specific requirements for this guide

Components Used

The information in this document is based on these software and hardware versions:

• Cisco Firepower 4125 running FTD version 7.2.3

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

Specific requirements for this document include:

•  Connectivity to the Management IP of the FTD
• The FTD upgrade package (.REL.tar) previously downloaded from the Software Cisco Portal

This upgrade procedure is supported on appliances:

• Any Cisco Firepower model running FTD software configured with local management.

Before You Begin

1. Create and download a backup of the FTD Configurations.
2. Validate the upgrade path for the target version.
3. Download the upgrade package from the Cisco Software Central.

4. Do not rename the upgrade file. The system considers renamed files to be invalid.

5. Schedule a maintenance window for the upgrade procedure because traffic is affected.

Configure

Step 1. Log into the Firewall Device Manager using the Management IP of the FTD:

Step 2. Click on View Configuration on the Firewall Device Manager Dashboard:

Step 3. Click on the Browse button under the System Upgrade section to upload the installation package:

Caution: Once you upload the upgrade package the BROWSE is going to display an animation while the file is still getting uploaded. Do not refresh the web page until the upload finishes.

Example of upload progress page:

Step 4. Once the upload finishes a pop-up window appears asking for confirmation:

Note: You can check the Run Upgrade immediately on upload option in case you would like to directly proceed with upgrade, however note this is going to skip the Readiness Check which can provide insights about conflicts on the upgrade preventing a failure.

Step 5.  Click on Run Upgrade Readiness Check to perform a pre-validation on the upgrade in order to prevent an upgrade failure:

Note: You can validate that the Readiness Check finished successfully from the Task List.

Example of a successful Readiness Check:

Step 6. Click on the UPGRADE NOW button to proceed with the software upgrade:

Step 7. On the pop-up window select CONTINUE to proceed with the upgrade:

Note: The rollback option is enabled by default, it is suggested you keep this option in order to revert any upgrade configuration in case of an issue on the upgrade.

Step 8. You are redirected to a page where the upgrade progress is going to be displayed:

Example of the progress page:

Step 9. Click on the FINISH button after the upgrade completes successfully to return to the login screen:

Validation

Once the upgrade finishes you can log into the Firepower Device Manager to validate the current version, this is displayed on the Overview dashboard:

To perform an upgrade validation via CLI you can use these steps:

I.   Create an SSH Session using the Management IP of the FTD.

II. Use the show version command to validate the current version on your chassis.

Example of the suggested procedure: